Roles privileges inaccessible.

Hello,
We are running Oracle9i Enterprise Edition 9.2.0.2.0 in a Solaris environment and are having some issues with Role permissions being carried over to users.
The real life scenario is a bit more complicated, but I did a quick test and it produced the same results. Here is the issue: I created a user called TSTUSER and a role called TSTROLE. To TSTROLE I assigned CONNECT, RESOURCE and SELECT ANY TABLE. Then I assigned TSTROLE to TSTUSER.
TSTUSER can connect ok, but can't select from any tables in any schemas. I have run simple select statements in TOAD, SQL*PLUS and even JDBC, and it doesn't work in any of these. Now, if I assign SELECT ANY TABLE directly to the user instead of the role, it works fine. I've tried other privileges, system and object, and have gotten the same results.
When I select the session privileges, whatever privilege I am trying to use is returned even though it's not able to be used.
Does anyone have a solution for this? I would just go ahead and assign the specific permissions to each user, but that would make things very complicated for audit.
Thanks
Garth

Hey Guys,
Thanks for your help.
The error I get for the query [select * from intranet.page] (where intranet is the schema name) is: ORA-00942: table or view does not exist
Here are the results of the queries:
SELECT * FROM SESSION_ROLES;
TSTROLE
CONNECT
RESOURCE
SELECT * FROM USER_ROLE_PRIVS;
USERNAME|GRANTED_ROLE|ADMIN_OPTION|DEFAULT_ROLE|OS_GRANTED
TSTUSER|TSTROLE|NO|YES|NO
I've also tried creating a view of the same query to see if that worked, but that didn't either. But the same test produces the same results with that. The view just won't compile.
Thanks again
Garth

Similar Messages

  • Java Database User Role Privileges Framework

    Hello
    I am looking for a Java framework which automatically generates Java code for
    Database User Role Privileges Administration.
    Like in database we have a table of Users
    Now we have table of Author, Book etc. (Related to Library)
    Now I want to give insert permission to user1
    update and delete permission to user2 etc.
    Is there any framework related?
    Remember, I do not need User Role Privileges in the database.
    I need a framework to do this job.
    Thanks in Advance.

    There are tables created under the SAPSR3DB or SAP<SID>DB schema with extension .UME, such as SAPSR3DB.UME.ACL_ACL or SAPSR3DB.UME_ACL_ACLENTRY for AS-JAVA.
    There are other tables with the UME extension too.
    Regards,
    Anwar

  • Right role/privileges for KVM Access only in UCS

    Hi
    I am making some locally Authenticated Users for some people at work.
    They only need to access KVM and do things there.
    What role/privileges do I need to set on the user?

    Thank you for your answer.
    I have looked into the thread, and was thinking about method #4.
    I have created a user under Locally Authenticated Users and if I set the role Operations I get this message after pressing launch under KVM launch manager.
    If I type the same username and password, I get login failed.
    If I add the role Server-profile to the user, I can login with no issue. But then I am afraid that I give too many privileges to the user.
    I'm using a Management IP Pool, so I don't know if the other methods work better. I think it is difficult to know the IP address, and maybe the address can change.
    The best is, when I add a server to UCS, the user can find the server KVM by himself, and I don't need to find the IP address and give it to him.
    Maybe I am way off here, so please help me:)

  • Roles/Privileges

    I am creating a new repository for OEM on 8i. I first created a sysdba user to manage the repository. When attempting to use the configuration assistant I run into the error that the user I created for the repository does not have the roles or privileges necessary to create the oem repository. Can anyone please tell me what roles/privileges the sysdba user is lacking to create this repository? Thank you.

    select * from dba_sys_privs where grantee='ROLENAME';
    select * from dba_role_privs where grantee='ROLENAME';
    select * from dba_tab_privs where grantee='ROLENAME';

  • SQL query won't compile based on DB role privileges

    Can someone give me an explanation why the SQL query in a report won't compile if an object is owned by another schema and the parsing schema is given privileges to the table via a role grant?
    Or to phrase it another way, why do we have to make direct grants on tables to the parsing schema for reports based on SQL queries that access tables in other schemas?
    Thanks in advance,
    Paul

    Paul - In Oracle, roles are not enabled during the execution of definer's rights stored procedures which is the environment in which all Application Express application code is parsed/executed. There are scads of posts about this topic in this forum.
    Scott

  • Account role, privileges

    related to "User access to OEM" thread (but removing the OEM element )
    Using 10.2.0.1.0.
    I want to create a user account (user A) that has limited 'DBA' permission. This user must have permission to modify 1 other schema (user B). I do not want 'user A' to modify ANY other schema (i.e. user C, user D)
    Is this possible?
    So far, I've created the account, and provided the following:
    Roles:
    connect
    resource
    exp_full_database
    imp_full_database
    gather_system_statistics
    java_admin
    xdbadmin
    xdbwebservices
    Sys Privileges:
    select any dictionary
    alter session
    Object Privileges:
    Grant object privileges to objects in 'user B' schema.
    Quotas:
    gave 'unlimited' quotas for 'user A' tablespace and 'user B' tablespace.
    ***Problem: When I log in as ‘user A’, I can create/delete tables, objects… in schemas other than ‘user A’ and ‘user B’.
    Message was edited by:
    user511512

    okay, basically same question, but I removed the OEM part.

  • Roles/Privileges provisioning to unrelated systems

    Hello IDM Gurus,
    I set up an IDC config and connected it to 3 SAP target systems, say A, B and C. Each of the repositories/target systems have linked up to default provisioning/deprovisioning/modify tasks from the SAP provisioning framework. I have imported privileges from each of these systems; I have contained a basic user privilege from each target system within its own simple role through the role members section of each privilege. Provisioning the role related to a specific system should ideally provision to only the related system; instead I'm encountering the weird error of provisioning Role A (containing privilege A) to a user but instead of just provisioning to system A, the user gets provisioned to systems A, B and C. This made absolutely no sense to me, so I went through and checked to see if there were any rogue links between the other privileges and roles, but there were none. I tried to simplify things and tried provisioning just the privilege directly to the user and it did the same thing; provisioning privilege A to a user ends up automatically provisioning the user to system A, B and C.
    Are the repositories messed up? Should they be created from scratch?
    I'm stumped; any ideas/suggestions?
    I would appreciate any help with the issue! Thanks in advance!
    Best regards,
    Sandeep

    Thanks a lot for your quick response Paul!
    I checked the privileges as well as the initial load jobs and the privileges are set to Inherited/None for Provision and Deprovision and already set to None for the Modify task; this is happening as you suggested through our initial load jobs which set the Modify Task to -1. Unfortunately, adding a privilege still seems to be triggering the other systems' provisioning tasks as well; add the privilege for system A and the "Group System Provisioning" task kicks off and fires all 3 systems provisioning tasks.
    Is there any other property on the privileges or repository that I should be checking or fixing in order to prevent this behavior? Or is there anything else that I haven't thought of checking that could be causing this behavior?
    I would really appreciate any ideas/suggestions.
    Thanks much for your time and help!
    Cheers!
    Sandeep

  • Roles privileges question

    Version Info: Oracle version 11gR2 running on windows server 2008.
    I have a question on something that I didn't understand with regards to a role.
    I have a table called abc owned by a schema called MainSchema. I created a role in this schema called updateweb which has an update privilege granted to abc table.
    grant update on MainSchema.abc to updateweb;
    I granted the update privilege on the above role to another schema called webusers.
    grant updateweb to webusers;
    However when I run an update statement on behalf of the schema webusers on the table abc, from an asp.net webpage, I get an ora-1031 insufficient privileges.
    However if I directly grant like this
    grant update on mainschema.abc to webusers;         (from mainschema)
    it works.
    Why doesn't it work if used from a role???
    Thanks.

    I don't understand why almost everyone here
    - refuses to read documentation
    - refuses to use Google
    - refuses to use the 'Search' link
    - doesn't read about the Etiquette in this Forum, which includes you should consult documentation prior to posting
    Assuming the context of your unknown update statement is a stored procedure
    this question has been asked a gazillion times by people as equally lazy as you.
    It has also been answered a gazillion times by people called 'volunteers'.
    The answer has always been the same
    As roles are volatile, they are disabled during compilation of stored procedures etc.
    What works is
    - the stored procedure is in the same schema as the affected table, execute privilege can be given to a role
    - the procedure is created with 'authid current_user'
    - the worst solution: access is granted directly
    What is so special about you you think you are the only one with this non-issue?
    Sybrand Bakker
    Senior Oracle DBA
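
    The three options listed in the reply above, as an added SQL*Plus walk-through that is not part of the original thread. It reuses the thread's names (mainschema.abc, updateweb, webusers); the table columns, the procedure names, the extra SELECT grant and the assumption that WEBUSERS may create procedures are constructed for illustration.

    ```sql
    -- Setup, run as a DBA (constructed demo objects).
    CREATE TABLE mainschema.abc (id NUMBER PRIMARY KEY, val VARCHAR2(30));
    INSERT INTO mainschema.abc VALUES (1, 'old');
    COMMIT;
    CREATE ROLE updateweb;
    -- SELECT is added so the WHERE clause works whatever SQL92_SECURITY is set to.
    GRANT SELECT, UPDATE ON mainschema.abc TO updateweb;
    GRANT updateweb TO webusers;

    -- Connect as WEBUSERS in a new session so the role is enabled.
    -- Ad hoc SQL uses the session's enabled roles, so this succeeds:
    UPDATE mainschema.abc SET val = 'adhoc' WHERE id = 1;
    ROLLBACK;

    -- Definer's rights (the default): compiled with roles disabled, so the
    -- role-granted privilege is not visible and the procedure fails to compile.
    CREATE OR REPLACE PROCEDURE set_val_definer (p_id NUMBER, p_val VARCHAR2) AS
    BEGIN
      UPDATE mainschema.abc SET val = p_val WHERE id = p_id;
    END;
    /
    SHOW ERRORS

    -- Invoker's rights: static SQL is still checked at compile time without
    -- roles, so the statement is made dynamic; when the procedure is called
    -- directly from the session, the caller's enabled roles apply at run time.
    CREATE OR REPLACE PROCEDURE set_val_invoker (p_id NUMBER, p_val VARCHAR2)
      AUTHID CURRENT_USER AS
    BEGIN
      EXECUTE IMMEDIATE
        'UPDATE mainschema.abc SET val = :v WHERE id = :i' USING p_val, p_id;
    END;
    /
    EXEC set_val_invoker(1, 'via role')
    ROLLBACK;

    -- Procedure in the table owner's schema, run as MAINSCHEMA: the owner needs
    -- no grant on its own table, and EXECUTE can be given to the role.
    CREATE OR REPLACE PROCEDURE mainschema.set_abc_val (p_id NUMBER, p_val VARCHAR2) AS
    BEGIN
      UPDATE abc SET val = p_val WHERE id = p_id;
    END;
    /
    GRANT EXECUTE ON mainschema.set_abc_val TO updateweb;

    -- Back as WEBUSERS: no table privilege is needed, only EXECUTE via the role.
    EXEC mainschema.set_abc_val(1, 'via owner procedure')
    ROLLBACK;
    ```

    The owner-schema procedure keeps the table grant off the web account entirely, which also keeps the audit picture to one EXECUTE grant on one role.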

  • General Questions about Oracle Roles/Privileges

    Hi,
    I have a few questions I'm hoping to get clarification on:
    1 - Is there a view similar to DBA_SYS_PRIVS/DBA_TAB_PRIVS that shows which system privileges have been assigned to users/accounts ONLY, filtering out roles? If not, how would one go about obtaining this list?
    2 - Is there a view similar to DBA_ROLE_PRIVS that shows also just shows which users have been assigned to which roles ONLY, again filtering out roles? If not, how would one go about obtaining this list? I assume some type of recursion has to be done here to flatten out the roles.
    My end goal is this:
    - List of all users and directly assigned system privileges only
    - List of all users and directly assigned table/object privileges only
    - List of all users and all roles (if role X contains role Y, this list should show user has role X and Y)
    Many thanks!

    1 - Is there a view similar to DBA_SYS_PRIVS/DBA_TAB_PRIVS that shows which system privileges have been assigned to users/accounts ONLY, filtering out roles? If not, how would one go about obtaining this list?
    it's simple:
    select grantee, privilege from dba_sys_privs where grantee in (select username from dba_users);
    select grantee, owner, table_name, privilege from dba_tab_privs where grantee in (select username from dba_users);
    2 - Is there a view similar to DBA_ROLE_PRIVS that shows also just shows which users have been assigned to which roles ONLY, again filtering out roles? If not, how would one go about obtaining this list? I assume some type of recursion has to be done here to flatten out the roles.
    select grantee, granted_role from dba_role_privs where grantee in (select username from dba_users);
    select grantee, granted_role from dba_role_privs where grantee in (select role from dba_roles);
    Hope this helps...
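
    The queries above list direct grants only; the question's third goal (if role X contains role Y, show the user with both X and Y) needs the recursion the poster expected. An added example, not from the original thread, that walks DBA_ROLE_PRIVS with a hierarchical query and then reports each user's system privileges with the grant they arrive through; the column aliases are made up for the report, and it needs Oracle 10g or later for CONNECT_BY_ROOT.

    ```sql
    -- 1. Every role a user holds, directly or through another role.
    SELECT   username,
             granted_role,
             MIN(depth) AS shortest_depth      -- 1 = granted directly to the user
    FROM    (SELECT CONNECT_BY_ROOT grantee AS username,
                    granted_role,
                    LEVEL AS depth
             FROM   dba_role_privs
             START WITH grantee IN (SELECT username FROM dba_users)
             CONNECT BY PRIOR granted_role = grantee)
    GROUP BY username, granted_role
    ORDER BY username, shortest_depth, granted_role;

    -- 2. Effective system privileges per user, with where each one comes from.
    WITH user_roles AS (
      SELECT DISTINCT
             CONNECT_BY_ROOT grantee AS username,
             granted_role
      FROM   dba_role_privs
      START WITH grantee IN (SELECT username FROM dba_users)
      CONNECT BY PRIOR granted_role = grantee
    )
    SELECT sp.grantee   AS username,
           sp.privilege,
           'DIRECT'     AS granted_via
    FROM   dba_sys_privs sp
    WHERE  sp.grantee IN (SELECT username FROM dba_users)
    UNION
    SELECT ur.username,
           sp.privilege,
           ur.granted_role AS granted_via
    FROM   user_roles ur
    JOIN   dba_sys_privs sp ON sp.grantee = ur.granted_role
    ORDER BY 1, 2, 3;
    ```

    Swapping DBA_SYS_PRIVS for DBA_TAB_PRIVS in the second query (and adding OWNER and TABLE_NAME to both branches) gives the same report for object privileges.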

  • Roles privilege

    Hi
    dba_role_privs tells what role has been granted to which users
    role_sys_privs tells what system privileges have been granted to roles
    role_tab_privs tells what object privileges have been granted to roles
    I have created a role STR_ROLE_UPD and also granted update privilege on one table to this role. Then I have granted this role to one user.
    Now dba_role_privs is showing me correct info that STR_ROLE_UPD has been granted to syso user,
    but if I query role_sys_privs or role_tab_privs to know what privileges are granted to this role, it is not showing details for this role; it only shows details about roles which are predefined (Oracle default roles).
    How do I know what system or object privileges are granted to the STR_ROLE_UPD role?

    Hi user511621,
    Try this script:
    REM NAME : ROLE.SQL
    REM FUNCTION : GENERATE ROLES REPORT
    REM USE : manual
    REM Limitations : None
    REM
    set pages 58
    column role format a19 heading 'User or Role'
    column admin_option format a3 heading 'Ad?'
    column owner format a7 heading 'Owner'
    column table_name format a26 heading 'Table name'
    column privilege format a21 heading 'Priv, Grant or Role'
    column r_ord noprint
    break on role
    start titel132 'ORACLE ROLES REPORT'
    define output = 'rep_out\&db\role_rpt'
    spool &output
    select
    2 r_ord, b.role role, b.owner owner, b.table_name,
    b.privilege privilege, b.grantable admin_option
    from
    sys.role_tab_privs b
    union
    select
    1 r_ord, a.role role, 'N/A' owner, 'N/A' table_name,
    a.privilege privilege, a.admin_option admin_option
    from
    sys.role_sys_privs a
    union
    select
    3 r_ord, c.role role, 'N/A' owner, 'N/A' table_name,
    c.granted_role privilege, c.admin_option admin_option
    from
    sys.role_role_privs c
    order by
    role,r_ord;
    spool off
    set flush on term on pagesize 22 linesize 80
    clear columns
    clear breaks
    ttitle off
    pause Press enter to continue
    Regards,
    Francisco Munoz Alvarez

  • Can't inherit role privileges to user accounts in targets.

    Hello,
    We have the role MXGR0001 and it has a privilege associated (PRIV:GROUP:AD:CN=UMonterrey,OU=Security,OU=Groups,OU=Monterrey,OU=Mexico,DC=mabenet,DC=corpmabe,DC=com)
    as is indicated on “Member Privileges” tab. When we see the privilege properties, it says the role is a member from this privilege.
    In the “Tasks” tab of the privilege, we have associated a task in the part of “Provisioning Task”, our task is “CreateADSUser”, the reason of this association was because at the moment of the assignation of the role, the task associated to the privilege could be executed and the privilege could be associated to the user.
    Note: The Active Directory user has static values just to see the association with the privilege.
    For example, we wanted to associate the user 1000611 with the role MXGR0001, it works fine, but when I look for the created user in Active Directory in the tab "Member of" of my user, the privilege is not associated. Do you know why this is happening? or do you know how to associate privilege to an Active Directory User from the Identity Center, which are the fields or tasks that I need to change into the Privilege or Role?
    I hope you could help me with this!
    Regards!
    Edited by: Andrés Alavez on Nov 8, 2011 11:13 PM

    That's a bit unusual, and perhaps if you start the computer from the OS X
    Install disc and run Disk Utility's first-aid from that version on the booted
    install disc; have it 'repair disk' and also 'repair disk permissions.'
    Sometimes, just starting in SafeBoot, then 'repair disk permissions' from
    Disk Utility in the Utilities/Applications folder (see Go in Finder menu,
    choose Utilities folder; find Disk Utility; launch) and when it is done,
    quit Disk Utility and restart and allow the computer to boot normally.
    This may resolve the user account issue; or it may not.
    See various instructions (can be used outside of context)
    "Resolve startup issues and perform disk maintenance
    with Disk Utility and fsck" - http://support.apple.com/kb/TS1417
    In a worse-case scenario, an "archive & install" and update may be
    required, if an issue cannot be resolved through other means. More
    would need to be known about the machine, its use & status before
    suggesting any one course of action. There may be something else
    behind the symptom you described.
    Good luck & happy computing!

  • SSO and how to Managing User Roles/Privileges with Forms using Oracle db

    We are in the process of implementing Oracle Application Server SSO with our custom Forms application using Oracle database -- all 10.2.0.1.0 version.
    In our Forms Applications, we have about a dozen roles we have assigned to various users. We need to identify each user using our Forms because we are using the GLOBAL USER throughout the application.
    Questions:
    -- Do we have to create users/passwords in both OID and application database?
    -- Is there a way to easily manage the user and passwords between SSO and Forms App/database in one place? For example, how does a user change their password once, but actually change it in both the database and SSO?
    Any advice and/or direction would be greatly appreciated.
    Thank you,
    Mika
    Edited by: user11846198 on Sep 1, 2009 1:41 PM
    Edited by: user11846198 on Sep 1, 2009 1:53 PM

    Yes, you can have global roles in the DB and assign these roles to specific OID users, and they will inherit the privileges. You can do this using the Oracle Identity Management Web Tool (http://hostname:7777/oiddas); it is not complicated.
    Greetings.

  • Role/privileges to make alter another user's account !

    Dear Friends ,
    I am using Oracle10g R2 database. In Oracle, I want to give a special permission, which is "alter user username account unlock", to a normal user, i.e., a normal user of the Oracle database has the right to alter all other users' account unlock permission if necessary.
    For this reason , which permission/privileges I need to give that user , is it possible to do ?
    Edited by: shipon_97 on Oct 21, 2009 9:35 AM
    Edited by: shipon_97 on Oct 21, 2009 9:36 AM

    It's been already discussed in other threads but with a focus on changing users' passwords. Same applies to account lock status.
    In short, with user sys or system, create a procedure that inputs an account name and unlocks the account. Grant execute on this procedure to your designated user.
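
    One way to write the wrapper procedure described above, as an added example that is not from the original thread. It narrows the suggestion by using a dedicated owner schema instead of SYS or SYSTEM; SEC_ADMIN, HELPDESK_USER, the excluded-account list and the error number are hypothetical names and values chosen for illustration.

    ```sql
    -- Setup, run as SYS. SEC_ADMIN is assumed to exist already as a locked,
    -- non-login owner schema. Both grants are direct, because roles are
    -- disabled inside a definer's rights procedure.
    GRANT ALTER USER TO sec_admin;
    GRANT SELECT ON sys.dba_users TO sec_admin;

    CREATE OR REPLACE PROCEDURE sec_admin.unlock_account (p_username IN VARCHAR2)
    AS
      l_name sys.dba_users.username%TYPE;
    BEGIN
      -- Only an existing account can pass, and privileged accounts are excluded,
      -- so the caller cannot use the wrapper against SYS, SYSTEM or its owner.
      SELECT username
      INTO   l_name
      FROM   sys.dba_users
      WHERE  username = UPPER(TRIM(p_username))
      AND    username NOT IN ('SYS', 'SYSTEM', 'SEC_ADMIN');

      -- DDL cannot take bind variables; the name comes from the dictionary and
      -- is quoted with DBMS_ASSERT, so caller input never reaches the statement
      -- text unvalidated.
      EXECUTE IMMEDIATE 'ALTER USER '
        || SYS.DBMS_ASSERT.ENQUOTE_NAME(l_name, FALSE)
        || ' ACCOUNT UNLOCK';
    EXCEPTION
      WHEN NO_DATA_FOUND THEN
        RAISE_APPLICATION_ERROR(-20001, 'Account is not eligible for unlock');
    END unlock_account;
    /

    -- The designated user gets EXECUTE only, never ALTER USER itself.
    GRANT EXECUTE ON sec_admin.unlock_account TO helpdesk_user;

    -- As HELPDESK_USER:
    -- EXEC sec_admin.unlock_account('tstuser')
    ```

    Granting ALTER USER directly to the designated user would also let that user change other accounts' passwords, which is why the privilege stays with the procedure owner.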

  • Error in reconcilation Function - Job "Reconcile roles and privileges"

    SAP NW 7.0 SP2 Patch 3
    Roles contain Privileges
    Help file says: "If you are using roles and privileges, you will need to perform a reconciliation of the roles/privileges assigned to the users in the identity store after the roles are modified. "
    Job imported as described.
    When I let the job run on the ID-Store, for each entry, the following error message occurs:
    runFunctionsInString($FUNCTION.reconcile( MSKEY )$$) got exception
    org.mozilla.javascript.NotAFunctionException: reconcile( MSKEY )
    ...where MSKEY is, of course, the MSKEY of the entry.
    If I let run the job with the Windows-Dispatcher and as a VB-script, it produces no error; however, in the output file, there are a lot of Messages like
    "!ERROR: Invalid use of Null"
    Only some entries (of Type MX_PERSON) show the "Priviliege added: (...)" output. But the job does not add the Privileges assigned to the role, as it should.
    So, I would suggest that one redefines the SQL-Query of the Job so that it runs only on MX_PERSONS. But then, still, in my case, it does nothing.
    Has anyone better experiences with the Job?
    Edited by: Thomas P. Felder on Sep 25, 2008 10:32 AM

    The job when imported by default uses java runtime engine but the script is written in vbscript syntax so you have to change the engine or the script syntax.
    When you did your select statement did you use SELECT DISTINCT? That will also cause errors. I do not narrow the entry type to MX_PERSON.
    I'm installing the patch now;  I will see if I get any errors.

  • System Privileges, Object Privileges and Roles in Oracle 10g r2

    Hello,
    I am looking for a comprehensive details about each and every role, privileges(both object and system) that are available in standard Oracle EE 10g r2.
    I have visited administrator reference manual and other documents from docs.oracle.com but could not find this information.
    Can anyone redirect me to an appropriate URL or documentation that details whats and hows of each and every roles and privileges?
    Thanks,
    R

    Hi, you can use the dba_role_privs and role_sys_privs views; for more information see
    http://download.oracle.com/docs/cd/B19306_01/network.102/b14266/admusers.htm
    http://www.cuddletech.com/articles/oracle/node36.html
